An existing hard-disk data access control technology is based on an upper-layer application and an upper-layer device. For example, in a storage device, an ordinary block storage device integrates disks into a redundant array of independent disks (RAID) group, where the RAID is divided into stripes, and a stripe is divided into logic units (LUN), which then mapped onto an upper-layer host. A host layer manages stored data using a file system or another device system (for example, using a database of the device). Alternatively, a hard disk is directly installed into a simple computer system, and an operating system manages, using a file system, a storage manner and an access manner for data on the hard disk.
An existing distributed key-value storage system is an object-based storage system. In this storage system, all data is divided into small objects, which are then stored, based on a hash algorithm, in several locations in a distributed hash table (DHT) ring. In this way, a user can retrieve data corresponding to an object using a key, thereby implementing an access to the data. This storage system can implement simultaneous accesses of multiple users to the same storage system. A logical layer is implemented in the system at a user access interface to implement isolation of data accesses of the multiple users and protect data security, where the logical layer can enable different users to access and to only access a range of data allocated to themselves, but not to access data of other users.
An implementation principle of a prior-art key-value storage device is actually logical isolation. Logical design is subject to insecurity. To implement management of accesses of all users using a user management layer in a system, it needs to be ensured that an access interface for the users is unique and secure and that an access of a user to related data can be obtained only after the access is authenticated by the interface. Data of all users can still be accessed if the access interface of the system is not unique, or any data can be accessed after the system has a related vulnerability.